Age | Commit message (Collapse) | Author |
|
This builds on @utezduyar's #4640, but extends on it.
Fixes: #4550
Replaces: #4640
|
|
Let's clarify that RestrictAddressFamilies= and MemoryDenyWriteExecute=
are only fully effective if non-native system call architectures are
disabled, since they otherwise may be used to circumvent the filters, as
the filters aren't equally effective on all ABIs.
Fixes: #5277
|
|
rework WorkingDirectory= and RootDirectory= management for services
|
|
fstab-generator: Options= applies specifier expansion
|
|
This reverts commit 8b89628a10af3863bfc97872912e9da4076a5929.
This broke #5246
|
|
A revert and some other tweaks for the man pages
|
|
Add new MountAPIVFS= boolean unit file setting + RootImage=
|
|
|
|
This effectively reverts commit 5d2abc04fc95f5c5f6d0eaf2f:
Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Wed Apr 16 22:15:42 2014 -0400
man: document relationship between RequiresMountsFor and noauto
https://bugzilla.redhat.com/show_bug.cgi?id=1088057
Fixes #5249.
|
|
We should try to keep the unbreakable lines below 80 columns.
It's not always possible of course.
Also, use the dl.fp.o alias instead of a specific mirror.
|
|
swap seccomp filter params on s390
|
|
There was a missing dependency and one with the wrong type. Additionally, refer
to DefaultDependencies= once instead of twice, without a vague reference in the
first one that doesn't mention that the value matters.
Fixes #5226.
|
|
Add a bit of code that tries to get the right parameter order in place
for some of the better known architectures, and skips
restrict_namespaces for other archs.
This also bypasses the test on archs where we don't know the right
order.
In this case I didn't bother with testing the case where no filter is
applied, since that is hopefully just an issue for now, as there's
nothing stopping us from supporting more archs, we just need to know
which order is right.
Fixes: #5241
|
|
Same reasons as the previous patch.
|
|
Let's document that this is the case, and properly escape % when we
generate Options= in the generator.
Fixes: #5086
|
|
Add a new --pivot-root argument to systemd-nspawn, which specifies a
directory to pivot to / inside the container; while the original / is
pivoted to another specified directory (if provided). This adds
support for booting container images which may contain several bootable
sysroots, as is common with OSTree disk images. When these disk images
are booted on real hardware, ostree-prepare-root is run in conjunction
with sysroot.mount in the initramfs to achieve the same results.
|
|
On i386 we block the old mmap() call entirely, since we cannot properly
filter it. Thankfully it hasn't been used by glibc since quite some
time.
Fixes: #5240
|
|
The --help text currently uses the "--umount" spelling, hence to the
same in the man page too.
And let's settle on "umount" instead of "unmount" here, since most folks
probably expect that when typing in a command, as util-linux' tool is
called "umount" after all, and so is the symlink "systemd-umount" we
install.
|
|
|
|
|
|
|
|
The third paragraph of the Description already linked to
systemd.resource-control(5), but it was missing from the list of
additional options for the [Service] section.
|
|
This slightly extends the roothash loading logic to first check for a
user.verity.roothash extended attribute on the image file. If it exists,
it is used as Verity root hash and the ".roothash" file is not used.
This should improve the chance that the roothash is retained when the
file is moved around, as the data snippet is attached directly to the
image file. The field is still detached from the file payload however,
in order to make sure it may be trusted independently.
This does not replace the ".roothash" file loading, it simply adds a
second way to retrieve the data.
Extended attributes are often a poor choice for storing metadata like
this as it is usually difficult to discover for admins and users, and
hard to fix if it ever gets out of sync. However, in this case I think
it's safe as verity implies read-only access, and thus there's little
chance of it to get out of sync.
|
|
directory for a service
This is similar to RootDirectory= but mounts the root file system from a
block device or loopback file instead of another directory.
This reuses the image dissector code now used by nspawn and
gpt-auto-discovery.
|
|
conjunction with RootDirectory=
This adds a boolean unit file setting MountAPIVFS=. If set, the three
main API VFS mounts will be mounted for the service. This only has an
effect on RootDirectory=, which it makes a ton times more useful.
(This is basically the /dev + /proc + /sys mounting code posted in the
original #4727, but rebased on current git, and with the automatic logic
replaced by explicit logic controlled by a unit file setting)
|
|
make RestrictAddressFamilies= officially a NOP on i386
|
|
|
|
|
|
We already say that it doesn't work on i386, but there are more archs
like that apparently.
|
|
Fix WorkDir=~ with empty User=
|
|
|
|
Fixes #4916.
|
|
This changes the environment for services running as root from:
LANG=C.utf8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
INVOCATION_ID=ffbdec203c69499a9b83199333e31555
JOURNAL_STREAM=8:1614518
to
LANG=C.utf8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
HOME=/root
LOGNAME=root
USER=root
SHELL=/bin/sh
INVOCATION_ID=15a077963d7b4ca0b82c91dc6519f87c
JOURNAL_STREAM=8:1616718
Making the environment special for the root user complicates things
unnecessarily. This change simplifies both our logic (by making the setting
of the variables unconditional), and should also simplify the logic in
services (particularly scripts).
Fixes #5124.
|
|
systemd-cgls --unit --user-unit
|
|
|
|
$ systemd-cgls -u systemd-journald.service machine.slice
I opted for a "global" switch, instead of modifying the behaviour of just one
argument. It seem to be a more useful setting, since usually one will want to
query one or more units, and not mix unit names with paths.
Closes #5156.
|
|
|
|
'systemctl --failed' is an extremely common operation and it's nice to have
a shortcut for it.
Revert "man: don't document systemctl --failed" and add the option back to
systemctl's help and shell completion scripts.
This reverts commit 036359ba8d0aba7db7eac75d10073a849a033fd1.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Show example of all `systemctl status` output and documents what possible
"Loaded:", "Active" and "Enabled" values mean.
- Documents what different colors of the dot mean.
- Documents "gotcha" with load-on-demand behavior which will report units as
"loaded" even if they are only loaded to show their status.
(From @poettering: https://github.com/systemd/systemd/issues/5063#issuecomment-272115024 )
|
|
Small fixes and enhancements to docs and code
|
|
|
|
|
|
When a user is trying to understand what is going on with a restart action, it is useful to explicitly describe how the action is run. It may seem obvious, but it is helpful to be explicit so one knows there isn't a special ExecRestart= or similar option that they could be looking at.
|
|
Loosely inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1411134.
|